Systems and methods for paging over wifi for mobile terminating calls

ABSTRACT

A device may include a processor configured to detect that an Internet Protocol Security (IPsec) tunnel from a user equipment (UE) device connected via a WiFi connection has become idle, based on the IPsec tunnel meeting an idleness criterion, and instruct the UE device to tear down the IPsec tunnel, in response to detecting that the IPsec tunnel from the UE device connected via the WiFi connection meets the idleness criterion. The device may be further configured to receive a mobile terminating call for the UE device; establish a new IPsec tunnel to the UE device via the WiFi connection, in response to receiving the mobile terminating call for the UE device; and forward the received mobile terminating call to the UE device via the established new IPsec tunnel.

CROSS-REFERENCE TO RELATED APPLICATIONS

This patent application is a continuation of U.S. patent applicationSer. No. 17/115,411, filed on Dec. 8, 2020, and titled “SYSTEMS ANDMETHODS FOR PAGING OVER WIFI FOR MOBILE TERMINATING CALLS,” thedisclosure of which is hereby incorporated by reference in its entirety.

BACKGROUND INFORMATION

satisfy the needs and demands of users of mobile communication devices,providers of wireless communication services continue to improve andexpand available services and networks used to deliver such services.One aspect of such improvements includes the development of wirelessaccess networks and options to utilize such wireless access networks. Awireless access network may manage a large number of user devices thatuse different types of services and experience various conditions.Managing all various types of network connections under differentconditions poses various challenges.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates an environment according to an implementationdescribed herein;

FIG. 2 illustrates exemplary components of the core network of FIG. 1according to an implementation described herein;

FIG. 3 illustrates exemplary components of a device that may be includedin a component of FIG. 1 or FIG. 2 according to an implementationdescribed herein;

FIG. 4 illustrates exemplary components of theNon-Third-Generation-Partnership-Project Interworking Function (N3IWF)of FIG. 2 according to an implementation described herein;

FIG. 5 illustrates exemplary components of the Unified Data Management(UDM) function of FIG. 2 according to an implementation describedherein;

FIG. 6 illustrates exemplary components of the user equipment (UE)device database of FIG. 5 according to an implementation describedherein;

FIG. 7 illustrates a flowchart of a process for managing an InternetProtocol Security (IPsec) tunnel according to an implementationdescribed herein;

FIG. 8 illustrates a flowchart of a process for managing locationupdates according to an implementation described herein; and

FIGS. 9A and 9B illustrate exemplary signal flows according to animplementation described herein.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

The following detailed description refers to the accompanying drawings.The same reference numbers in different drawings identify the same orsimilar elements.

Users of mobile wireless communication services may use various wirelesstechnologies to connect to a network and/or communicate with otherusers. For example, a user equipment (UE) device may be configured tocommunicate with a Radio Access Network (RAN) via a base station usingcellular wireless signals based on the Fourth Generation (4G) Long TermEvolution (LTE) air interface, the Fifth Generation (5G) New Radio (NR)air interface, and/or another type of cellular wireless signals.Furthermore, the UE device may be configured to use short-range wirelesssignals when within the communication range of a wireless local areanetwork (WLAN).

A WiFi network, which is one type of WLAN, is based on the Institute ofElectrical and Electronics Engineers (IEEE) 802.11 family of standards.A UE device may connect to a WiFi transceiver, referred to as a WiFiAccess Point (AP), when the UE device is within the communication rangeof the WiFi AP and is authorized to access the WiFi network associatedwith the WiFi AP. For example, when a UE device enters the communicationrange of the WiFi AP, the UE device may connect to the WiFi AP and mayprioritize communicating via the WiFi AP, rather than via a basestation.

WiFi connections are increasingly used for voice communication. In orderfor a UE device to receive a mobile terminating call (e.g., a call inwhich the UE device is the called party), the UE device may need tomaintain an Internet Protocol (IP) security (IPsec) tunnel via the WiFiAP to the core network of the provider of cellular wirelesscommunication services for which the UE device is a subscriber. The corenetwork may then use the IPsec tunnel to connect the mobile terminatingcall to the UE device. When the UE device is in idle mode, the corenetwork needs to maintain an idle IPsec tunnel to the UE device via theWiFi AP so that the UE device may receive incoming calls. Maintaining alarge number of idle IPsec tunnels wastes network resources by reducingbandwidth capacity and processing capacity of network devices.

Implementations described herein relate to systems and methods forpaging over WiFi for mobile terminating Voice-over-IP (VoIP) calls. Anetwork device may be configured to tear down an idle IPsec tunnel overWiFi to a UE device. Subsequently, if a mobile terminating call to theUE device is received, the network device may page the UE device, usinglocation update information received from the UE device, to establish anew IPsec tunnel. The network device may include, for example, aNon-Third-Generation-Partnership-Project Interworking Function (N3IWF)that interfaces a Third Generation Partnership Project (3GPP) corenetwork to a non-3GPP network, such as a WiFi network.

For example, an N3IWF device in a core network may establish an IPsectunnel from a UE device via a WiFi connection, may receive locationupdate information from the UE device via the established IPsec tunnel,and may provide received location update information to a function thatmaintains subscriber information in the core network, such as, forexample, a Unified Data Management (UDM) function. The location updateinformation may include a UE device identifier (ID) associated with theUE device; a Globally Unique Access and Mobility Function Identifier(GUAMI) associated with the UE device; an N3IWF identifier associatedwith the UE device; a WiFi AP Media Access Control (MAC) addressassociated with the WiFi connection; a service set identifier (SSID)associated with the WiFi connection; and/or other types of locationupdate information. In some implementations, the N3IWF device may thenreceive an instruction from the UDM function to tear down the IPsectunnel if the IPsec tunnel becomes idle. In other implementations, theN3IWF may be configured to automatically tear down the IPsec tunnel ifthe IPsec tunnel becomes idle.

The N3IWF may detect that the IPsec tunnel has become idle, based on theIPsec tunnel meeting an idleness criterion, and may, in response,instruct the UE device to tear down the IPsec tunnel. At a later time,the N3IWF device may receive a mobile terminating call for the UE deviceand may, in response, establish a new IPsec tunnel to the UE device viathe WiFi connection and forward the received mobile terminating call tothe UE device via the established new IPsec tunnel. For example, theN3IWF device may page the UE device using location update informationobtained from the UDM function and may instruct the UE device toestablish the new IPsec tunnel. In some implementations, if paging theUE device via the WiFi connection is not successful, the N3IWF mayinform another component of the core network (e.g., an Access andMobility Function (AMF)) and the core network may page the UE deviceusing a cellular connection via a base station to which the UE device isattached. In other implementations, the core network may page the UEdevice via both the WiFi connection and the cellular wirelessconnection. If paging the UE device is not successful (e.g., the UEdevice does not respond by establishing an IPsec tunnel), the mobileterminating call may be forwarded to voicemail.

FIG. 1 is a diagram of an exemplary environment 100 in which the systemsand/or methods, described herein, may be implemented. As shown in FIG. 1, environment 100 may include UE device(s) 110, WiFi Access Point(s)(AP(s)) 120, an Internet Service Provider Network 130, a core network140, a radio access network (RAN) 150, base station(s) 155, aMulti-Access Edge Computing (MEC) network 160, MEC device(s) 165, andpacket data network(s) (PDN(s)) 170.

UE device(s) 110 may include any device with cellular wirelesscommunication functionality and WiFi communication functionality. Forexample, UE device 110 may include a handheld wireless communicationdevice (e.g., a mobile phone, a smart phone, a tablet device, etc.); awearable computer device (e.g., a head-mounted display computer device,a head-mounted camera device, a wristwatch computer device, etc.); alaptop computer, a tablet computer, or another type of portablecomputer; a desktop computer; a customer premises equipment (CPE)device, such as a set-top box or a digital media player (e.g., Apple TV,Google Chromecast, Amazon Fire TV, etc.), a WiFi access point, a smarttelevision, etc.; a portable gaming system; a global positioning system(GPS) device; a home appliance device; a home monitoring device; and/orany other type of computer device with wireless communicationcapabilities and a user interface. UE device 110 may includecapabilities for voice communication, mobile broadband services (e.g.,video streaming, real-time gaming, premium Internet access etc.), besteffort data traffic, and/or other types of applications.

In some implementations, UE device 110 may communicate usingmachine-to-machine (M2M) communication, such as MTC, and/or another typeof M2M communication for Internet of Things (IoT) applications. Forexample, UE device 110 may include a health monitoring device (e.g., ablood pressure monitoring device, a blood glucose monitoring device,etc.), an asset tracking device (e.g., a system monitoring thegeographic location of a fleet of vehicles, etc.), a traffic managementdevice (e.g., a traffic light, traffic camera, road sensor, roadillumination light, etc.), a climate controlling device (e.g., athermostat, a ventilation system, etc.), a device controlling anelectronic sign (e.g., an electronic billboard, etc.), a devicecontrolling a manufacturing system (e.g., a robot arm, an assembly line,etc.), a device controlling a security system (e.g., a camera, a motionsensor, a window sensor, etc.), a device controlling a power system(e.g., a smart grid monitoring device, a utility meter, a faultdiagnostics device, etc.), a device controlling a financial transactionsystem (e.g., a point-of-sale terminal, an automated teller machine, avending machine, a parking meter, etc.), and/or another type ofelectronic device.

WiFi AP(s) 120 may include a device with a transceiver configured tocommunicate with client devices 140 using WiFi signals based on the IEEE802.11 standards for implementing a WLAN network. WiFi AP 120 may beconnected to a switch and/or router (not shown in FIG. 1 ) for devicesin a customer premises network and may connect devices in the customerpremises network to an Internet Service Provider (ISP) network via awired connection, such as an Ethernet cable, or an optical networkterminal (ONT) connected to an optical fiber. ISP network 130 mayinclude a Layer 2 and/or Layer 3 network associated with an ISP. ISPnetwork 130 may enable UE device 110 to communicate with other networks,such as core network 140 and/or PDN network 170.

Core network 140 may be managed by a provider of cellular wirelesscommunication services and may manage communication sessions ofsubscribers connecting to core network 140 via WiFi AP 120 and/or viaRAN 150. For example, core network 160 may establish an InternetProtocol (IP) connection between UE devices 110 and PDN 170. Corenetwork 140 may include a 5G core network. Exemplary components of corenetwork 140 are described below with reference to FIG. 2 .

RAN 150 may include one or more base stations 155. Each base station 155may include devices and/or components configured to enable cellularwireless communication with UE devices 110. For example, base station155 may include a 5G NR base station (e.g., a gNodeB) and/or a 4G LTEbase station (e.g., an eNodeB). Core network 140 may facilitatehandovers between base stations 155 and between base stations 155 andWiFi Aps 120. For example, if UE device 110 leaves the communicationrange of WiFi AP 120, a connection to UE device 110 via WiFi AP 120 maybe handed over to base station 155, and if UE device 110 enters thecommunication range of WiFi AP 120, a connection to UE device 110 viabase station 15 may be handed over to WiFi AP 120.

MEC network 160 may provide MEC services for UE devices 110 attached tocore network 140 via WiFi AP 120 and/or via RAN 180. MEC network 160 mayinterface with RAN 150 and/or with core network 140 via a MEC gatewaydevice (not shown in FIG. 1 ). MEC network 160 may include MEC device(s)165. MEC device(s) 165 may provide MEC services, such as a serviceassociated with a particular application, such as a content deliverysystem that provides streaming video on demand, an audio streamingservice, a real-time online game, a virtual reality application, amedical or health monitoring application, and/or another type ofapplication with a low latency requirement. As another example, a MECservice may include a cloud computing service, such as cache storage,use of artificial intelligence (AI) accelerators for machine learningcomputations, image processing, data compression, locally centralizedgaming, use of Graphics Processing Units (GPUs) and/or other types ofhardware accelerators for processing of graphic information and/or othertypes of parallel processing, and/or other types of cloud computingservices. As yet another example, a MEC service may include a networkservice, such as authentication, for example via a certificate authorityfor a Public Key Infrastructure (PKI) system, a local Domain Name System(DNS) service, implementation of a virtual network function (VNF),and/or another type of network service. As yet another example, a MECservice may include control of IoT devices, such as hosting anapplication server for autonomous vehicles, a security system, amanufacturing and/or robotics system, and/or another type of IoT system.Furthermore, MEC device(s) 165 may implement/host one or more functionsof core network 140.

PDN(s) 170 may each include a packet data network. PDN 170 may beassociated with an Access Point Name (APN) and a UE device may request aconnection to the particular packet data network 190 using the APN. PDN170 may include, and/or be connected to and enable communication with, alocal area network (LAN), a wide area network (WAN), a metropolitan areanetwork (MAN), an autonomous system (AS) on the Internet, an opticalnetwork, a cable television network, a satellite network, a wirelessnetwork (e.g., a CDMA network, a general packet radio service (GPRS)network, and/or an LTE network), an ad hoc network, a telephone network(e.g., the Public Switched Telephone Network (PSTN) or a cellularnetwork), an intranet, or a combination of networks. For example, PDN170 may include an IP Multimedia Subsystem (IMS) that manages voicecommunication between UE devices 110 and/or between UE devices 110 andother voice communication devices.

Although FIG. 1 shows exemplary components of environment 100, in otherimplementations, environment 100 may include fewer components, differentcomponents, differently arranged components, or additional componentsthan depicted in FIG. 1 . Additionally, or alternatively, one or morecomponents of environment 100 may perform functions described as beingperformed by one or more other components of environment 100.

FIG. 2 illustrates an implementation 200 of core network 140 as a 5Gcore network. As shown in FIG. 2 , implementation 200 includes UE device110, gNodeB 210, core network 140, and PDN 170. Core network 140 mayinclude an AMF 220, a User Plane Function (UPF) 230, a SessionManagement Function (SMF) 240, an Application Function (AF) 250, a UDM252, a Policy Control Function (PCF) 254, a Charging Function (CHF) 256,a Network Repository Function (NRF) 258, a Network Exposure Function(NEF) 260, a Network Slice Selection Function (NSSF) 262, anAuthentication Server Function (AUSF) 264, a 5G Equipment IdentityRegister (EIR) 266, a Network Data Analytics Function (NWDAF) 268, aShort Message Service Function (SMSF) 270, a Security Edge ProtectionProxy (SEPP) 272, and an N3IWF 274.

While FIG. 2 depicts a single AMF 220, UPF 230, SMF 240, AF 250, UDM252, PCF 254, CHF 256, NRF 258, NEF 260, NSSF 262, AUSF 264, EIR 266,NWDAF 268, SMSF 270, SEPP 272, and N3IWF 274 for illustration purposes,in practice, core network 201 may include multiple AMFs 220, UPFs 230,SMFs 240, AFs 250, UDMs 252, PCFs 254, CHFs 256, NRFs 258, NEFs 260,NSSFs 262, AUSFs 264, EIRs 266, NWDAFs 268, SMSFs 270, SEPPs 272, and/orN3IWFs 274. gNodeB 210 may be part of RAN 120 and may include basestation 125. Exemplary components of gNodeB 210 are describe below withreference to FIG. 2 .

The components of core network 140 may be implemented as dedicatedhardware components, Virtual Network Functions (VNFs), and/orcontainer-based Cloud Native Functions (CNFs), implemented on top of acommon shared physical infrastructure using Software Defined Networking(SDN). For example, an SDN controller may implement one or more of thecomponents of core network 140 using an adapter implementing a VNFvirtual machine, a CNF container, an event driven serverlessarchitecture interface, and/or another type of SDN architecture. Thecommon shared physical infrastructure may be implemented using one ormore devices 300 described below with reference to FIG. 3 in a cloudcomputing center associated with core network 140. Additionally, oralternatively, some, or all, of the common shared physicalinfrastructure may be implemented using one or more devices 300 includedin MEC device 165.

AMF 220 may perform registration management, connection management,reachability management, mobility management, lawful intercepts, ShortMessage Service (SMS) transport between UE device 110 and SMSF 270,session management messages transport between UE device 110 and SMF 240,access authentication and authorization, location services management,functionality to support non-3GPP access networks, and/or other types ofmanagement processes. AMF 220 may be accessible by other function nodesvia an Namf interface 222. AMF 220 may communicate with gNodeB 210and/or with N3IWF 274 via an N2 interface 212.

UPF 230 may maintain an anchor point for intra/inter-RAT mobility,maintain an external Packet Data Unit (PDU) point of interconnect to aparticular PDN 170, perform packet routing and forwarding, perform theuser plane part of policy rule enforcement, perform packet inspection,perform lawful intercept, perform traffic usage reporting, perform QoShandling in the user plane, perform uplink traffic verification, performtransport level packet marking, perform downlink packet buffering,forward an “end marker” to a RAN node (e.g., gNodeB 210), and/or performother types of user plane processes. UPF 230 may communicate with gNodeB210 using an N3 interface 214, communicate with SMF 240 using an N4interface 232, and connect to PDN 170 using an N6 interface 234.

SMF 240 may perform session establishment, session modification, and/orsession release, perform IP address allocation and management, performDynamic Host Configuration Protocol (DHCP) functions, perform selectionand control of UPF 230, configure traffic steering at UPF 230 to guidethe traffic to the correct destinations, terminate interfaces toward PCF254, perform lawful intercepts, charge data collection, support charginginterfaces, control and coordinate of charging data collection,terminate session management parts of Non-Access Stratum messages,perform downlink data notification, manage roaming functionality, and/orperform other types of control plane processes for managing user planedata. SMF 240 may be accessible via an Nsmf interface 242.

AF 250 may provide services associated with a particular application,such as, for example, an application for influencing traffic routing, anapplication for accessing NEF 260, an application for interacting with apolicy framework for policy control, and/or other types of applications.AF 250 may be accessible via an Naf interface 251, also referred to asan NG5 interface.

UDM 252 may maintain subscription information for UE devices 110, managesubscriptions, generate authentication credentials, handle useridentification, perform access authorization based on subscription data,maintain service and/or session continuity by maintaining assignment ofSMF 240 for ongoing sessions, support SMS delivery, support lawfulintercept functionality, and/or perform other processes associated withmanaging user data. UDM 252 may store, in a subscription profileassociated with a particular UE device 110, location update informationthat includes information identifying an AMF associated with theparticular UE device 110 and/or information identifying a WiFi networkassociated with the particular UE device 110. UDM 252 may be accessiblevia a Nudm interface 253.

PCF 254 may support policies to control network behavior, provide policyrules to control plane functions (e.g., to SMF 240), access subscriptioninformation relevant to policy decisions, perform policy decisions,and/or perform other types of processes associated with policyenforcement. PCF 254 may be accessible via Npcf interface 255. CHF 256may perform charging and/or billing functions for core network 140. CHF256 may be accessible via Nchf interface 257.

NRF 258 may support a service discovery function and maintain profilesof available network function (NF) instances and their supportedservices. An NF profile may include an NF instance ID, an NF type, aPublic Land Mobile Network (PLMN) ID(s) associated with the NF, networkslice IDs associated with the NF, capacity information for the NF,service authorization information for the NF, supported servicesassociated with the NF, endpoint information for each supported serviceassociated with the NF, and/or other types of NF information. NRF 258may be accessible via an Nnrf interface 259.

NEF 260 may expose services, capabilities, and/or events to other NFs,including third party NFs, AFs, edge computing NFs, and/or other typesof NFs. Furthermore, NEF 260 may secure provisioning of information fromexternal applications to core network 140, translate information betweencore network 140 and devices/networks external to core network 140,support a Packet Flow Description (PFD) function, and/or perform othertypes of network exposure functions.

NSSF 262 may select a set of network slice instances to serve aparticular UE device 110, determine network slice selection assistanceinformation (NSSAI), determine a particular AMF 220 to serve aparticular UE device 110, and/or perform other types of processingassociated with network slice selection or management. NSSF 262 mayprovide a list of allowed slices for a particular UE device 110 to UDM252 to store in a subscription profile associated with the particular UEdevice 110. NSSF 262 may be accessible via Nnssf interface 263.

AUSF 264 may perform authentication. For example, AUSF 264 may implementan Extensible Authentication Protocol (EAP) authentication server andmay store authentication keys for UE devices 110. AUSF 264 may beaccessible via Nausf interface 265. EIR 266 may authenticate aparticular UE device 110 based on UE device identity, such as aPermanent Equipment Identifier (PEI). For example, EIR 266 may check todetermine if a PEI has been blacklisted. EIR 266 may be accessible viaNeir interface 267. NWDAF 268 may collect analytics informationassociated with radio access network 130 and/or core network 140. SMSF270 may perform SMS services for UE devices 110. SMSF 270 may beaccessible via Nsmsf interface 271. SEPP 272 may implement applicationlayer security for all layer information exchanged between two NFsacross two different Public Land Mobile Networks.

N3IWF 274 may interconnect to a non-3GPP access device, such as, forexample, a WiFi access point (not shown in FIG. 2 ). N3IWF 274 mayfacilitate handovers for UE device 110 between radio access network 130and the non-3GPP access device. N3IWF 274 communicate with UPF 230 usingN3 interface 214. N3IWF 274 may manage an IPsec tunnel to UE device 110via WiFi AP 120. If the IPsec tunnel becomes idle, N3IWF 274 mayinstruct UE device 110 to tear down the IPsec tunnel. If a mobileterminating call is received for UE device 110, M3IWF 274 may page UEdevice 110 via WiFi AP 120 to establish a new IPsec tunnel.

Although FIG. 2 shows exemplary components of core network 140, in otherimplementations, core network 140 may include fewer components,different components, differently arranged components, or additionalcomponents than depicted in FIG. 2 . Additionally, or alternatively, oneor more components of core network 140 may perform functions describedas being performed by one or more other components of core network 140.For example, core network 140 may include additional function nodes notshown in FIG. 2 , such as a Unified Data Repository (UDR), anUnstructured Data Storage Network Function (UDSF), a Location ManagementFunction (LMF), a Lawful Intercept Function (LIF), a Binding SessionFunction (BSF), and/or other types of functions. Furthermore, whileparticular interfaces have been described with respect to particularfunction nodes in FIG. 2 , additionally, or alternatively, core network140 may include a reference point architecture that includespoint-to-point interfaces between particular function nodes.

FIG. 3 is a diagram illustrating example components of a device 300according to an implementation described herein. UE device 110, WiFi AP120, base station 155, MEC device 165, and/or any of the components ofFIG. 2 may each include, or be implemented on, one or more devices 300.As shown in FIG. 3 , device 300 may include a bus 310, a processor 320,a memory 330, an input device 340, an output device 350, and acommunication interface 360.

Bus 310 may include a path that permits communication among thecomponents of device 300. Processor 320 may include any type ofsingle-core processor, multi-core processor, microprocessor, latch-basedprocessor, central processing unit (CPU), graphics processing unit(GPU), neural processing unit (NPU), tensor processing unit (TPU),hardware accelerator, and/or processing logic (or families ofprocessors, microprocessors, and/or processing logics) that interpretsand executes instructions. In other embodiments, processor 320 mayinclude an application-specific integrated circuit (ASIC), afield-programmable gate array (FPGA), and/or another type of integratedcircuit or processing logic.

Memory 330 may include any type of dynamic storage device that may storeinformation and/or instructions, for execution by processor 320, and/orany type of non-volatile storage device that may store information foruse by processor 320. For example, memory 330 may include a randomaccess memory (RAM) or another type of dynamic storage device, aread-only memory (ROM) device or another type of static storage device,a content addressable memory (CAM), a magnetic and/or optical recordingmemory device and its corresponding drive (e.g., a hard disk drive,optical drive, etc.), and/or a removable form of memory, such as a flashmemory.

Input device 340 may allow an operator to input information into device300. Input device 340 may include, for example, a keyboard, a mouse, apen, a microphone, a remote control, an audio capture device, an imageand/or video capture device, a touch-screen display, and/or another typeof input device. In some implementations, device 300 may be managedremotely and may not include input device 340. In other words, device300 may be “headless” and may not include a keyboard, for example.

Output device 350 may output information to an operator of device 300.Output device 350 may include a display, a printer, a speaker, and/oranother type of output device. For example, device 300 may include adisplay, which may include a liquid-crystal display (LCD) for displayingcontent to the user. In some implementations, device 300 may be managedremotely and may not include output device 350. In other words, device300 may be “headless” and may not include a display, for example.

Communication interface 360 may include a transceiver that enablesdevice 300 to communicate with other devices and/or systems via wirelesscommunications (e.g., radio frequency, infrared, and/or visual optics,etc.), wired communications (e.g., conductive wire, twisted pair cable,coaxial cable, transmission line, fiber optic cable, and/or waveguide,etc.), or a combination of wireless and wired communications.Communication interface 360 may include a transmitter that convertsbaseband signals to radio frequency (RF) signals and/or a receiver thatconverts RF signals to baseband signals. Communication interface 360 maybe coupled to an antenna for transmitting and receiving RF signals.

Communication interface 360 may include a logical component thatincludes input and/or output ports, input and/or output systems, and/orother input and output components that facilitate the transmission ofdata to other devices. For example, communication interface 360 mayinclude a network interface card (e.g., Ethernet card) for wiredcommunications and/or a wireless network interface (e.g., a WiFi) cardfor wireless communications. Communication interface 360 may alsoinclude a universal serial bus (USB) port for communications over acable, a Bluetooth™ wireless interface, a radio-frequency identification(RFID) interface, a near-field communications (NFC) wireless interface,and/or any other type of interface that converts data from one form toanother form.

As will be described in detail below, device 300 may perform certainoperations relating to the management of IPsec tunnels via WiFiconnections. Device 300 may perform these operations in response toprocessor 320 executing software instructions contained in acomputer-readable medium, such as memory 330. A computer-readable mediummay be defined as a non-transitory memory device. A memory device may beimplemented within a single physical memory device or spread acrossmultiple physical memory devices. The software instructions may be readinto memory 330 from another computer-readable medium or from anotherdevice. The software instructions contained in memory 330 may causeprocessor 320 to perform processes described herein. Alternatively,hardwired circuitry may be used in place of, or in combination with,software instructions to implement processes described herein. Thus,implementations described herein are not limited to any specificcombination of hardware circuitry and software.

Although FIG. 3 shows exemplary components of device 300, in otherimplementations, device 300 may include fewer components, differentcomponents, additional components, or differently arranged componentsthan depicted in FIG. 3 . Additionally, or alternatively, one or morecomponents of device 300 may perform one or more tasks described asbeing performed by one or more other components of device 300.

FIG. 4 is a diagram illustrating exemplary components of N3IWF 274. Thecomponents of N3IWF 274 may be implemented, for example, via processor320 executing instructions from memory 330. Alternatively, some or allof the components of N3IWF 274 may be implemented via hard-wiredcircuitry.

As shown in FIG. 4 , N3IWF 274 may include a UE device interface 410, anIPsec tunnel manager 420, an IPsec sessions database (DB) 430, a UPFinterface 440, an AMF interface 450, and a UDM interface 460. UE deviceinterface 410 may be configured to communicate with UE device 110 viaWiFi AP 120. For example, UE device interface 410 may establish an IPsectunnel with UE device 110 via WiFi AP 120. An IPsec tunnel may beestablished using Internet Key Exchange (IKE) authentication andencryption. For example, an IKE phase 1 tunnel may be established usingInternet Security Association and Key Management Protocol (ISAKMP) andused for management traffic. The IKE phase 1 tunnel may then be used toestablish an IKE phase 2 tunnel used for data exchange and forexchanging keep alive messages.

IPsec tunnel manager 420 may manage IPsec tunnels associated with WiFiAPs 120 and store information relating to IPsec tunnels associated withUE devices 110 in IPsec sessions DB 430. For example, for each IPsectunnel, IPsec sessions DB 430 may store information identifying UEdevice 110 associated with the IPsec tunnel, information identifyingWiFi AP 120 associated with the IPsec tunnel, and/or informationidentifying a status associated with IPsec tunnel, such as whether theIPsec tunnel has become idle based on the IPsec tunnel meeting anidleness criterion, a length of time since the IPsec tunnel has becomeidle, whether UE device 110 has been instructed to tear down the IPsectunnel after the IPsec tunnel has become idle, and/or other types ofstatus information associated with the IPsec tunnel.

IPsec tunnel manager 420 may monitor each IPsec tunnel to determinewhether the IPsec tunnel has become idle based on the IPsec tunnelmeeting an idleness criterion. The idleness criterion may be met if thequantity of data sent or received via the IPsec tunnel is below a dataquantity threshold within a particular time period. As an example, IPsectunnel manager 420 may ignore keep-alive packets sent via the IPsectunnel in determining whether the IPsec tunnel has become idle. Asanother example, IPsec tunnel manager 420 may analyze packets sentand/or received via the IPsec tunnel to determine whether a total numberof bytes of data sent and/or received via the IPsec tunnel within a timeperiod less than a particular number of bytes and may designate theIPsec tunnel as idle if the number of bytes sent and/or received via theIPsec tunnel is less than the particular number of bytes. If IPsectunnel manager 420 detects that an IPsec tunnel has gone idle, IPsecmanager 420 may instruct the UE device 110 associated with the IPsectunnel to tear down the IPsec tunnel. Furthermore, if IPsec tunnelmanager 420 detects a mobile terminating call for UE device 110 anddetermines that the IPsec tunnel to UE device 110 has been deactivatedor torn down, IPsec tunnel manager 420 may page UE device 110 toestablish a new IPsec tunnel with N3IWF 274.

UPF interface 440 may be configured to communicate with UPF 230. Datatraffic to and from UE device 110 to PDN 170 may be sent to and from UPF230 via UPF interface 440. AMF interface 450 may be configured tocommunicate with AMF 200. For example, AMF 220 may send instructions toN3IWF 274 to set up particular communication sessions via AMF interface450. UDM interface 460 may be configured to communicate with UDM 252.For example, N3IWF 274 may provide location update information to UDM252 via UDM interface 460. Furthermore, in some implementations, N3IWF274 may receive instructions from UDM 252 to tear down an IPsec tunnelif the IPsec tunnel becomes idle.

Although FIG. 4 shows exemplary components of N3IWF 274, in otherimplementations, N3IWF 274 may include fewer components, differentcomponents, differently arranged components, or additional componentsthan depicted in FIG. 4 . Additionally, or alternatively, one or morecomponents of N3IWF 274 may perform functions described as beingperformed by one or more other components of N3IWF 274.

FIG. 5 is a diagram illustrating exemplary components of UDM 252. Thecomponents of UDM 252 may be implemented, for example, via processor 320executing instructions from memory 330. Alternatively, some or all ofthe components of UDM 252 may be implemented via hard-wired circuitry.As shown in FIG. 5 , UDM 252 may include an N3IWF interface 510, alocation update manager 520, a UE device DB 530, an AMF interface 540,and an IPsec tunnel resources manager 550.

N3IWF interface 510 may be configured to communicate with N3IWF 274. Forexample, UDM 252 may receive location update information from N3IWF 274via N3IWF interface 510. Moreover, in some implementations, UDM 252 maysend an instruction to N3IWF 274 via N3IWF interface 510 to tear down ordeactivate an IPsec tunnel if the IPsec tunnel becomes idle. Locationupdate manager 520 may manage location update information for UE devices110. For example, location update manager 520 may store location updateinformation in UE device DB 530 and/or provide location updateinformation to AMF 220 from UE device DB 530 upon request. Exemplaryinformation that may be stored in UE device DB 530 is described belowwith reference to FIG. 6 .

AMF interface 540 may be configured to communicate with AMF 220. Forexample, AMF 220 may request location update information for UE device110 via AMF interface 540 and UDM 252 may provide the requested locationupdate information to AMF 220 via AMF interface 540. IPsec tunnelresources manager 550 may manage IPsec tunnel resources associated withcore network 140. For example, IPsec tunnel resources manager 550 maymanage a policy for management of IPsec tunnel resources, such as, forexample, instructing other NFs, such as N3IWF 274, to tear down an IPsectunnel associated with UE device 110 if the IPsec tunnel has becomeidle.

Although FIG. 5 shows exemplary components of UDM 252, in otherimplementations, UDM 252 may include fewer components, differentcomponents, differently arranged components, or additional componentsthan depicted in FIG. 5 . Additionally, or alternatively, one or morecomponents of UDM 252 may perform functions described as being performedby one or more other components of UDM 252.

FIG. 6 is a diagram illustrating exemplary information stored in UEdevice DB 530. As shown in FIG. 6 , UE device DB 530 may include one ormore UE device records 600. Each UE device record 600 may storeinformation relating to a UE device 110. UE device record 600 mayinclude a UE device ID field 610 and one or more location update records620. UE device ID field 610 may store one or more IDs associated with UEdevice 110, such as, for example, a Mobile Directory Number (MDN), anInternational Mobile Subscriber Identity (IMSI), a Mobile StationInternational Subscriber Directory Number (MSISDN), an InternationalMobile Equipment Identity (IMEI), an IP address, a Media Access Control(MAC) address, and/or another type of identifier associated with UEdevice 110. Each location update record 620 may store informationrelating to a location update received from UE device 110. For example,location update records 620 for UE device 110 may be stored in achronological order.

Location update record 620 may include a cell ID field 610, a GUAMIfield 640, an N3IWF field 650, a WiFi ID field 660, an SSID field 670,and an IPsec status field 680. Cell ID field 610 may store an IDassociated with the cell of base station 150 to which UE device 110 isattached. GUAMI field 640 may store a GUAMI for AMF 220 associated withUE device 110. N3IWF ID field 650 may store an N3IWF ID for N3IWF 274associated with UE device 110. WiFi ID field 660 may store a WiFi ID forWiFi AP 120 associated with UE device 110, such as, for example, a MACaddress of WiFi AP 120, a basic service set ID (BSSID) of WiFi AP 120,and/or another type of ID associated with WiFi AP 120. SSID field 670may store an SSID for the WiFi network associated with UE device 110.

IPsec status field 680 may store information relating to the status ofan IPsec tunnel associated with UE device 110. For example, IPsec statusfield 680 may store information indicating whether an IPsec tunnel hasbeen established from UE device 110 to N3IWF 274 via WiFi AP 120,whether an instruction has been provided to N3IWF 274 to tear down theIPsec tunnel if the IPsec tunnel becomes idle, whether the IPsec tunnelhas become idle, whether the IPsec tunnel has been torn down in responseto becoming idle, and/or other information associated with the status ofthe IPsec tunnel.

Although FIG. 6 shows exemplary components of UE device DB 530, in otherimplementations, UE device DB 530 may include fewer components,different components, additional components, or differently arrangedcomponents than depicted in FIG. 6 .

FIG. 7 illustrates a flowchart of a process for managing an IPsec tunnelaccording to an implementation described herein. In someimplementations, process 700 of FIG. 7 may be performed by N3IWF 274. Inother implementations, some or all of process 700 may be performed byanother device or a group of devices separate from N3IWF 274.

As shown in FIG. 7 , process 700 may include establishing an IPsectunnel from a UE device to a core network via a WiFi connection (block710) and providing location update information associated with the UEdevice to a UDM function (block 720). For example, UE device 110 mayconnect to WiFi AP 120 and attach to core network 140 via N3IWF 274 andset up an IPsec tunnel to N3IWF 274 via WiFi AP 120. UE device 110 maythen send location update information to N3IWF 274 using the establishedIPsec tunnel and N3IWF 274 may forward the location update informationto UDM 252. The location information may include a UE device ID, a GUAMIfor AMF 220 associated with UE device 110, an N3IWF ID associated withN3IWF 274, a WiFi AP MAC address, and/or another type of deviceidentifier, associated with WiFi AP 120, an SSID for the WiFi networkassociated with WiFi AP 120, and/or other types of location updateinformation.

Process 700 may further include detecting that the IPsec tunnel hasbecome idle (block 730) and instructing the UE device to tear down theIPsec tunnel in response (block 740). For example, N3IWF 274 maydetermine that the IPsec tunnel has satisfied an idleness criterion.Determining that the idleness criterion has been satisfied may includedetermining that less than a threshold amount of data has been sent orreceived via the IPsec tunnel within a particular time period. As anexample, N3IWF 274 may determine that the number of bytes sent and/orreceived via the IPsec tunnel within a time period (e.g., a minute,etc.) is less than a threshold number of bytes. As another example,N3IWF 274 may determine that no application level data has been sent orreceived via the IPsec tunnel within the time period. As yet anotherexample, N3IWF 274 may determine that only keep-alive packets have beensent and/or received via the IPsec tunnel within the time period.

In response to detecting that the IPsec tunnel has become idle, N3IWF274 may instruct UE device 110 to tear down the IPsec tunnel and, inresponse, UE device 110 may tear down the IPsec tunnel and N3IWF 274 mayrelease the resources (e.g., network bandwidth, processor and memoryresources, etc.) used to maintain the IPsec tunnel. As an example, N3IWF274 may instruct UE device 110 to discard the security associationinformation associated with the IPsec tunnel, such as the keys exchangedby UE device 110 an N3IWF 274. Additionally, or alternatively, N3IWF 274may instruct UE device 110 to stop sending keep-alive packets via theIPsec tunnel, may cease to recognize and/or respond to keep-alivepackets received via the IPsec tunnel from UE device 110, and/or maycease to send keep-alive packets to UE device 110 via the IPsec tunnel.N3IWF 274 may then release resources associated with maintaining theIPsec tunnel.

Process 700 may further include receiving a mobile terminating call forthe UE device (block 750) and paging the UE device to establish a newIPsec tunnel (block 760). For example, N3IWF 274 may receive an IMSsession creation request from AMF 220 for UE device 110 based on amobile terminating call received for UE device 110 from an IMS system.In response, N3IWF 274 may send a paging message to UE device 110 toestablish a new IPsec tunnel to N3IWF 274 via WiFi AP 120.

A new IPsec tunnel may be established with the UE device via the WiFiconnection (block 770) and the mobile terminating call may be forwardedto the UE device using the established new IPsec tunnel (block 780). Forexample, in response to receiving the paging message from N3IWF 274, UEdevice 110 may set up a new IPsec tunnel to N3IWF 274 via WiFi AP 120.N3IWF 274 may further set up an IPsec tunnel to UPF 230 which functionsas a gateway and/or APN for PDN 170 associated with the IMS from whichthe mobile terminating call has been received.

In some implementations, if paging UE device 110 via the WiFi connectionis not successful, the N3IWF may inform AMF 220 that UE device 110 didnot respond to the paging message and/or that UE device 110 cannot bereached. In response, AMF 220 may page UE device 110 via a cellularconnection using base station 155 to which UE device 110 is attached. Inother implementations, core network 140 may page UE device 110 via boththe WiFi connection using N3IWF 274 and via the cellular connectionusing AMF 220 and base station 155. If paging UE device 110 is notsuccessful (e.g., the UE device does not respond by establishing anIPsec tunnel) as a result of paging UE device 110 using the WiFiconnection and/or as a result of paging UE device 110 using a cellularconnection via base station 155, the mobile terminating call may beforwarded to voicemail. For example, AMF 220 may instruct UPF 230 toroute the mobile terminating call to a voicemail function that maintainsa voicemail inbox for UE device 110.

FIG. 8 illustrates a flowchart of a process for managing locationupdates according to an implementation described herein. In someimplementations, process 800 of FIG. 8 may be performed by UDM 252. Inother implementations, some or all of process 800 may be performed byanother device or a group of devices separate from UDM 252.

As shown in FIG. 8 , process 800 may include receiving a location updatefor a UE device (block 810). For example, UDM 252 may receive a locationupdate from UE device 110 that includes a UE device ID, a GUAMI for AMF220 associated with UE device 110, an N3IWF ID for N3IWF 274 associatedwith UE device 110, a WiFi AP MAC address, and/or another type of deviceidentifier, for WiFi AP 120 associated with UE device 110, an SSID forthe WiFi network associated with UE device 110, and/or other types oflocation update information.

Process 800 may further include determining that UE device 110 isconnected via WiFi (block 820), generating an instruction to tear downthe IPsec tunnel associated with UE device 110 if the IPsec tunnelbecomes idle (block 830), and sending the instruction o N3IWF 274associated with UE device 110 (block 840). For example, UDM 252 maydetermine, based on the N3IWF ID included in the location update, thatUE device 110 is attached to core network 140 via N3IWF 274 and thus isusing a WiFi connection. In response, UDM 252 may instruct N3IWF 274 totear down the IPsec tunnel associated with UE device 110 if the IPsectunnel becomes idle.

FIG. 9A illustrates a first exemplary signal flow 901 according to animplementation described herein. Signal flow 901 may include UE device110 connecting to WiFi AP 120 and attaching to core network 140 viaN3IWF 274 and UE device 110 setting up an IPsec tunnel to N3IWF 274 viaWiFi AP 120 (signals 910 and 912). UE device 110 may then send locationupdate information to UDM 252 via N3IWF 274 using the established IPsectunnel and N3IWF 274 may forward the location update information to UDM252 via AMF 220 (signals 914, 916, 918, and 920). The locationinformation may include a UE device ID, a GUAMI for AMF 220 associatedwith UE device 110, an N3IWF ID associated with N3IWF 274, a WiFi AP MACaddress, and/or another type of device identifier, associated with WiFiAP 120, an SSID for the WiFi network associated with WiFi AP 120, and/orother types of location update information. The location updateinformation may be stored by UDM 252 in a UE device record 600associated with UE device 110.

UDM 252 may send an instruction to N3IWF 274 to tear down the IPsectunnel if the IPsec tunnel becomes idle, in order to conserve networkresources (signals 930 and 932). At a later time, N3IWF 274 may detectthat the IPsec tunnel has become idle (block 940). For example, N3IWF274 may determine that less than a threshold amount of data has beensent or received via the IPsec tunnel within a particular time period.In response to detecting that the IPsec tunnel has become idle, N3IWF274 may instruct UE device 110 to tear down the IPsec tunnel (signals942 and 944). In response, UE device 110 may tear down the IPsec tunneland N3IWF 274 may release the resources (e.g., network bandwidth,processor and memory resources, etc.) used to maintain the IPsec tunnel.The signal flow may continue as shown in FIG. 9B.

FIG. 9B illustrates a first exemplary signal flow 902 according to animplementation described herein. As shown in FIG. 9B, signal flow 902may include a mobile terminating call being received by AMF 220 from aProxy Call Session Control Function (P-CSCF) 900 of an IMS network(signal 950). In response, AMF 220 may send a location update request toUDM 252 for UE device 110 and UDM 252 may provide a location update forUE device 110 to AMF 252 (block 952). The location update for UE device110 may indicate that UE device 110 is attached to core network 140 viaN3IWF 274 and WiFi AP 120 and, therefore, AMF 220 may initiate an IMSsession creation process with N3IWF 274 for UE device 110 (signal 954).

N3IWF 274 may receive an IMS session creation request from AMF 220 forUE device 110 and may, in response, page UE device 110 via WiFi AP 120to create a new IPsec tunnel (signals 960 and 962). In response toreceiving the paging message from N3IWF 274, UE device 110 may set up anew IPsec tunnel to N3IWF 274 via WiFi AP 120 (signals 970 and 972).N3IWF 274 may set up a GPRS Tunneling Protocol (GTP) tunnel to UPF 230via SMF 240 (signal 974). UPF 230 may function as a gateway to a IMSnetwork that incudes P-CSCF 900 handling the mobile terminating call.After the IPsec tunnel is established, UE device 110 may receive themobile terminating call and may send and/or receive data associated withthe voice and/or video call over the established IPsec tunnel (signals980, 982, 984, and 986).

In the preceding specification, various preferred embodiments have beendescribed with reference to the accompanying drawings. It will, however,be evident that various modifications and changes may be made thereto,and additional embodiments may be implemented, without departing fromthe broader scope of the invention as set forth in the claims thatfollow. The specification and drawings are accordingly to be regarded inan illustrative rather than restrictive sense.

For example, while a series of blocks have been described with respectto FIGS. 7 and 8 , and a series of signals have been described withrespect to FIGS. 9A and 9B, the order of the blocks, and/or signals, maybe modified in other implementations. Further, non-dependent blocksand/or signals may be performed in parallel.

It will be apparent that systems and/or methods, as described above, maybe implemented in many different forms of software, firmware, andhardware in the implementations illustrated in the figures. The actualsoftware code or specialized control hardware used to implement thesesystems and methods is not limiting of the embodiments. Thus, theoperation and behavior of the systems and methods were described withoutreference to the specific software code—it being understood thatsoftware and control hardware can be designed to implement the systemsand methods based on the description herein.

Further, certain portions, described above, may be implemented as acomponent that performs one or more functions. A component, as usedherein, may include hardware, such as a processor, an ASIC, or a FPGA,or a combination of hardware and software (e.g., a processor executingsoftware).

It should be emphasized that the terms “comprises”/“comprising” whenused in this specification are taken to specify the presence of statedfeatures, integers, steps or components but does not preclude thepresence or addition of one or more other features, integers, steps,components or groups thereof.

The term “logic,” as used herein, may refer to a combination of one ormore processors configured to execute instructions stored in one or morememory devices, may refer to hardwired circuitry, and/or may refer to acombination thereof. Furthermore, a logic may be included in a singledevice or may be distributed across multiple, and possibly remote,devices.

For the purposes of describing and defining the present invention, it isadditionally noted that the term “substantially” is utilized herein torepresent the inherent degree of uncertainty that may be attributed toany quantitative comparison, value, measurement, or otherrepresentation. The term “substantially” is also utilized herein torepresent the degree by which a quantitative representation may varyfrom a stated reference without resulting in a change in the basicfunction of the subject matter at issue.

To the extent the aforementioned embodiments collect, store, or employpersonal information of individuals, it should be understood that suchinformation shall be collected, stored, and used in accordance with allapplicable laws concerning protection of personal information.Additionally, the collection, storage and use of such information may besubject to consent of the individual to such activity, for example,through well known “opt-in” or “opt-out” processes as may be appropriatefor the situation and type of information. Storage and use of personalinformation may be in an appropriately secure manner reflective of thetype of information, for example, through various encryption andanonymization techniques for particularly sensitive information.

No element, act, or instruction used in the present application shouldbe construed as critical or essential to the embodiments unlessexplicitly described as such. Also, as used herein, the article “a” isintended to include one or more items. Further, the phrase “based on” isintended to mean “based, at least in part, on” unless explicitly statedotherwise.

What is claimed is:
 1. A method comprising: detecting, by a computerdevice, that an Internet Protocol Security (IPsec) tunnel from a userequipment (UE) device connected via a WiFi connection has become idle;instructing, by the computer device, the UE device to tear down theIPsec tunnel, in response to detecting that the IPsec tunnel has becomeidle; receiving, by the computer device, a mobile terminating call forthe UE device; and paging, by the computer device, the UE device via abase station to reestablish the IPsec tunnel via the WiFi connection, inresponse to receiving the mobile terminating call for the UE device. 2.The method of claim 1, further comprising: receiving location updateinformation from the UE device via the reestablished IPsec tunnel; andproviding the received location update information to a Unified DataManagement (UDM) function.
 3. The method of claim 2, wherein thelocation update information includes at least one of: a Globally UniqueAccess and Mobility Function Identifier (GUAMI) associated with the UEdevice; a Non-Third-Generation-Partnership-Project Interworking Function(N3IWF) identifier associated with the UE device; a WiFi Access Point(AP) Media Access Control (MAC) address associated with the WiFiconnection; or a service set identifier (SSID) associated with the WiFiconnection.
 4. The method of claim 1, wherein the computer deviceincludes a Non-Third-Generation-Partnership-Project InterworkingFunction (N3IWF).
 5. The method of claim 1, further comprising:receiving an instruction from a Unified Data Management (UDM) functionto tear down the IPsec tunnel if the IPsec tunnel becomes idle.
 6. Themethod of claim 1, further comprising: forwarding the received mobileterminating call to the UE device via the reestablished IPsec tunnel. 7.The method of claim 1, further comprising: detecting that another IPsectunnel from another UE device connected via another WiFi connection hasbecome idle; instructing the other UE device to tear down the otherIPsec tunnel, in response to detecting that the other IPsec tunnel fromthe other UE device connected via the other WiFi connection has becomeidle; receiving another mobile terminating call for the other UE device;and paging the other UE device via the other WiFi connection toreestablish the other IPsec tunnel.
 8. The method of claim 1, furthercomprising: detecting that another IPsec tunnel from another UE deviceconnected via another WiFi connection has become idle; instructing theother UE device to tear down the other IPsec tunnel, in response todetecting that the other IPsec tunnel from the other UE device connectedvia the other WiFi connection has become idle; receiving another mobileterminating call for the other UE device; sending a paging message tothe other UE device via the other WiFi connection to reestablish theother IPsec tunnel, in response to receiving the other mobileterminating call for the other UE device; determining that the other UEdevice has not responded to the paging message; and forwarding the othermobile terminating call to voicemail, in response to determining thatthe other UE device has not responded to the paging message.
 9. A devicecomprising: a memory storing instructions; and a processor configured toexecute the instructions to: detect that an Internet Protocol Security(IPsec) tunnel from a user equipment (UE) device connected via a WiFiconnection has become idle; instruct the UE device to tear down theIPsec tunnel, in response to detecting that the IPsec tunnel has becomeidle; receive a mobile terminating call for the UE device; and page theUE device via a base station to reestablish the IPsec tunnel via theWiFi connection, in response to receiving the mobile terminating callfor the UE device.
 10. The device of claim 9, wherein the processor isfurther configured to: receive location update information from the UEdevice via the reestablished IPsec tunnel; and provide the receivedlocation update information to a Unified Data Management (UDM) function.11. The device of claim 10, wherein the location update informationincludes at least one of: a Globally Unique Access and Mobility FunctionIdentifier (GUAMI) associated with the UE device; aNon-Third-Generation-Partnership-Project Interworking Function (N3IWF)identifier associated with the UE device; a WiFi Access Point (AP) MediaAccess Control (MAC) address associated with the WiFi connection; or aservice set identifier (SSID) associated with the WiFi connection. 12.The device of claim 9, wherein the computer device includes aNon-Third-Generation-Partnership-Project Interworking Function (N3IWF).13. The device of claim 9, wherein the processor is further configuredto: receive an instruction from a Unified Data Management (UDM) functionto tear down the IPsec tunnel if the IPsec tunnel becomes idle.
 14. Thedevice of claim 9, wherein the processor is further configured to:forward the received mobile terminating call to the UE device via thereestablished IPsec tunnel.
 15. The device of claim 9, wherein theprocessor is further configured to: detect that another IPsec tunnelfrom another UE device connected via another WiFi connection has becomeidle; instruct the other UE device to tear down the other IPsec tunnel,in response to detecting that the other IPsec tunnel from the other UEdevice connected via the other WiFi connection has become idle; receiveanother mobile terminating call for the other UE device; and page theother UE device via the other WiFi connection to reestablish the otherIPsec tunnel.
 16. The device of claim 9, wherein the processor isfurther configured to: detect that another IPsec tunnel from another UEdevice connected via another WiFi connection has become idle; instructthe other UE device to tear down the other IPsec tunnel, in response todetecting that the other IPsec tunnel from the other UE device connectedvia the other WiFi connection has become idle; receive another mobileterminating call for the other UE device; send a paging message to theother UE device via the other WiFi connection to reestablish the otherIPsec tunnel, in response to receiving the other mobile terminating callfor the other UE device; determine that the other UE device has notresponded to the paging message; and forward the other mobileterminating call to voicemail, in response to determining that the otherUE device has not responded to the paging message.
 17. A systemcomprising: a first device configured to: implement a Unified DataManagement (UDM) that stores information associated with user equipment(UE) devices; and a second device configured to: receive an instructionfrom the first device to tear own an Internet Protocol Security (IPsec)tunnel from a UE device connected via a WiFi connection when the IPsectunnel has become idle; detect that an IPsec tunnel from a UE deviceconnected via a WiFi connection has become idle; instruct the UE deviceto tear down the IPsec tunnel, in response to detecting that the IPsectunnel has become idle; receive a mobile terminating call for the UEdevice; and page the UE device via a base station to reestablish theIPsec tunnel via the WiFi connection, in response to receiving themobile terminating call for the UE device.
 18. The system of claim 17,wherein the second device is further configured to: receive locationupdate information from the UE device via the reestablished IPsectunnel; and provide the received location update information to thefirst device.
 19. The system of claim 18, wherein the location updateinformation includes at least one of: a Globally Unique Access andMobility Function Identifier (GUAMI) associated with the UE device; aNon-Third-Generation-Partnership-Project Interworking Function (N3IWF)identifier associated with the UE device; a WiFi Access Point (AP) MediaAccess Control (MAC) address associated with the WiFi connection; or aservice set identifier (SSID) associated with the WiFi connection. 20.The system of claim 17, wherein the second device is further configuredto: forward the received mobile terminating call to the UE device viathe reestablished IPsec tunnel.